Class AuthRoutes
Namespace: TecnoPack.WebServer.Routes
Assembly: CO0002_Templ_FlowpackHMI_V00_26_M.dll
Provides authentication-related API endpoints, including user login, token generation, and token refresh functionality.
public static class AuthRoutes
Inheritance
object ← AuthRoutes
Remarks
This class contains static route handlers recognized by the web framework
via the
It interacts with sessions and JWT tokens to authenticate users securely.
Methods
Login(HttpContextBase)
Authenticates a user and issues an access and refresh token pair.
[WebRoute(HttpMethod.POST, "/auth/login")]
public static Task Login(HttpContextBase ctx)
Parameters
ctx HttpContextBase
The HTTP context containing the login request data (username and password).
Returns
Task
A task representing the asynchronous operation.
Remarks
On successful authentication, the method returns a JSON object containing:
- The access token (short-lived JWT).
- The refresh token (longer-lived JWT).
- User information including username and role/level.
Logout(HttpContextBase)
Logs out the currently authenticated user by invalidating issued tokens.
[WebRoute(HttpMethod.POST, "/auth/logout")]
public static Task Logout(HttpContextBase ctx)
Parameters
ctx HttpContextBase
The HTTP context associated with the logout request.
Returns
Task
A task representing the asynchronous operation.
Remarks
This endpoint clears both the access-token and refresh-token cookies
from the client by issuing expired Set-Cookie headers that match
the original cookie scope and security attributes.
Since the tokens are stored in HttpOnly cookies, logout must be
performed server-side. No request body is required, and no response
payload is returned.
Me(HttpContextBase)
Retrieves information about the currently authenticated user.
[WebRoute(HttpMethod.GET, "/api/me")]
public static Task Me(HttpContextBase ctx)
Parameters
ctx HttpContextBase
The HTTP context of the incoming request.
Returns
Task
A task representing the asynchronous operation.
Remarks
This endpoint is intended to return the current user's information.
Currently, it is not implemented.
Refresh(HttpContextBase)
Refreshes an access token using a valid refresh token and returns the new access token.
[WebRoute(HttpMethod.GET, "/auth/refresh")]
public static Task Refresh(HttpContextBase ctx)
Parameters
ctx HttpContextBase
The HTTP context containing the refresh token request.
Returns
Task
A task representing the asynchronous operation.
Remarks
The method validates the provided refresh token and ensures it is of type "refresh".
If the token or user is invalid, a 401 Unauthorized response is returned.
On success, the method returns a JSON object with the new access token, the same refresh token,
and basic user information.
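Example (added here, not part of the TecnoPack code base): one way to implement the check described in the Refresh remarks, so that an access token presented to the refresh endpoint is refused. HS256 signing, the claim names "type", "sub" and "exp", and the names RefreshTokenCheck, Validate, Mint and Enc are assumptions made for illustration; the demo tokens are constructed with a throwaway key.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

// Constructed demo: mint a refresh and an access token with a throwaway key.
var key = RandomNumberGenerator.GetBytes(32);
var now = DateTimeOffset.UtcNow;
string Enc(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
string Mint(string type)
{
    var claims = $"{{\"sub\":\"operator\",\"type\":\"{type}\",\"exp\":{now.AddMinutes(5).ToUnixTimeSeconds()}}}";
    var body = Enc(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\"}")) + "." + Enc(Encoding.UTF8.GetBytes(claims));
    return body + "." + Enc(HMACSHA256.HashData(key, Encoding.ASCII.GetBytes(body)));
}
Console.WriteLine(RefreshTokenCheck.Validate(Mint("refresh"), key, now) ?? "401");
Console.WriteLine(RefreshTokenCheck.Validate(Mint("access"), key, now) ?? "401");

// Added illustration. HS256 and the claim names "type", "sub", "exp" are assumptions.
public static class RefreshTokenCheck
{
    static byte[] B64Url(string s) =>
        Convert.FromBase64String(s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));

    // Returns the subject for a valid, unexpired refresh token; null means answer 401.
    public static string? Validate(string? jwt, byte[] key, DateTimeOffset now)
    {
        try
        {
            var parts = (jwt ?? "").Split('.');
            if (parts.Length != 3) return null;
            // Pin the algorithm so "none" or an unexpected alg is never honoured.
            using var header = JsonDocument.Parse(B64Url(parts[0]));
            if (!header.RootElement.TryGetProperty("alg", out var alg) || alg.GetString() != "HS256") return null;
            // Verify the signature (constant-time compare) before trusting any claim.
            var mac = HMACSHA256.HashData(key, Encoding.ASCII.GetBytes(parts[0] + "." + parts[1]));
            if (!CryptographicOperations.FixedTimeEquals(mac, B64Url(parts[2]))) return null;
            using var payload = JsonDocument.Parse(B64Url(parts[1]));
            var c = payload.RootElement;
            // A correctly signed access token must still be refused at this endpoint.
            if (!c.TryGetProperty("type", out var type) || type.GetString() != "refresh") return null;
            if (!c.TryGetProperty("exp", out var exp) || exp.GetInt64() <= now.ToUnixTimeSeconds()) return null;
            return c.TryGetProperty("sub", out var sub) ? sub.GetString() : null;
        }
        catch (Exception e) when (e is FormatException or JsonException or InvalidOperationException)
        {
            return null; // malformed token: treat as invalid
        }
    }
}
```

The type check runs only after the signature has been verified, so an unsigned or tampered payload never reaches the claim comparison.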